[Git][security-tracker-team/security-tracker][master] Add more imagemagick issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c397f00 by Salvatore Bonaccorso at 2026-06-11T22:11:52+02:00
Add more imagemagick issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -116,17 +116,34 @@ CVE-2026-4096 (IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header
 CVE-2026-49982 (tmp is a temporary file and directory creator for node.js. In version  ...)
 	TODO: check
 CVE-2026-49219 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick 8:7.1.2.24+dfsg1-1
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d1bf6bcf357fef944280263892dadf84fbb2211d (7.1.2-24)
+	NOTE: Fixed by: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/ac84db0cfd4891c0474b7bfdd3c1d016aa57216a (6.9.13-49)
 CVE-2026-49218 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick 8:7.1.2.24+dfsg1-1
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/84fbcef8a558b1da075417a89d29aa5632d57f63 (7.1.2-24)
+	NOTE: Fixed by: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/14faf35495e9191f54bc63df44383a76f5cf16d9 (6.9.13-49)
 CVE-2026-48994 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick 8:7.1.2.24+dfsg1-1
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/44df3a54af31b8d33fa5e40b4dc61d051c4a5d9a (7.1.2-24)
+	NOTE: Fixed by: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/662a1667d115a65b22a3792755431fc9c1f31d89 (6.9.13-49)
 CVE-2026-48734 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick 8:7.1.2.24+dfsg1-1
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9ee821731faee8c4cc44103cc4180854046bb13c (7.1.2-24)
+	NOTE: Fixed by: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/60153856299c66689e3620b8347c0cc32c807d95 (6.9.13-49)
 CVE-2026-48733 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick 8:7.1.2.24+dfsg1-1
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/3a12d63368e88350ed838966fcbb67625938cf3a (7.1.2-24)
+	NOTE: Fixed by: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/1a59a4f31acca06f90a1f83424ef991a60f76b61 (6.9.13-49)
 CVE-2026-48724 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick 8:7.1.2.24+dfsg1-1
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/017c7efe4d63b953b35ab96fc0939ba3620e4739 (7.1.2-24)
 CVE-2026-48547 (KanaDojo contains a command injection vulnerability that allows an att ...)
 	TODO: check
 CVE-2026-48546 (KanaDojo before 0.1.18 contains a sandbox escape vulnerability that al ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c397f00f8f19b53a4a1b278f8432a38e2b61850

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c397f00f8f19b53a4a1b278f8432a38e2b61850
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260611/ffd6f0a6/attachment-0001.htm>